org.xwiki.crypto.passwd.internal
Class PBKDF2KeyDerivationFunction

java.lang.Object
  extended by org.xwiki.crypto.passwd.internal.AbstractKeyDerivationFunction
      extended by org.xwiki.crypto.passwd.internal.PBKDF2KeyDerivationFunction
All Implemented Interfaces:
Serializable, KeyDerivationFunction

public class PBKDF2KeyDerivationFunction
extends AbstractKeyDerivationFunction

Password-Based Key Derivation Function 2. This is an implementation of the PBKDF2 which is defined as part of RSA's PKCS#5 see: http://www.ietf.org/rfc/rfc2898.txt

Since:
2.5M1
See Also:
Serialized Form

Constructor Summary
PBKDF2KeyDerivationFunction()
          Default Constructor.
PBKDF2KeyDerivationFunction(Digest hash)
          Constructor with digest specified.
 
Method Summary
 byte[] deriveKey(byte[] password)
          Convert the given password to a byte array similar to the output from a message digest except specially tuned for the unique requirements of protecting passwords.
protected  void functionF(byte[] password, byte[] salt, int iterationCount, byte[] currentIteration, byte[] out, int outOffset)
          PBKDF#2 internal function F.
 byte[] generateDerivedKey(byte[] password, byte[] salt, int iterationCount, int derivedKeyLength)
          Generate the PBKDF2 derived key.
 void init(byte[] salt, int iterationCount, int derivedKeyLength)
          Initialize the function manually.
protected  void integerToByteArray(int integer, byte[] outArray)
          Convert an integer to byte array in big-endian byte order.
 
Methods inherited from class org.xwiki.crypto.passwd.internal.AbstractKeyDerivationFunction
getDefaultDerivedKeyLength, getDefaultMillisecondsOfProcessorTime, init, init, init, serialize
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PBKDF2KeyDerivationFunction

public PBKDF2KeyDerivationFunction()
Default Constructor. Uses SHA-1 digest for compatabulity with PKCS#5


PBKDF2KeyDerivationFunction

public PBKDF2KeyDerivationFunction(Digest hash)
Constructor with digest specified.

Parameters:
hash - the digest to use for the internal Hash-based Message Authentication Code function.
Method Detail

init

public void init(byte[] salt,
                 int iterationCount,
                 int derivedKeyLength)
Initialize the function manually.

Specified by:
init in class AbstractKeyDerivationFunction
Parameters:
salt - the random salt to add to the password before hashing.
iterationCount - the number of iterations which the internal function should run.
derivedKeyLength - the number of bytes of length the derived key should be (dkLen)

deriveKey

public byte[] deriveKey(byte[] password)
Description copied from interface: KeyDerivationFunction
Convert the given password to a byte array similar to the output from a message digest except specially tuned for the unique requirements of protecting passwords.

Parameters:
password - the user supplied password.
Returns:
a byte array derived from the password.

generateDerivedKey

public byte[] generateDerivedKey(byte[] password,
                                 byte[] salt,
                                 int iterationCount,
                                 int derivedKeyLength)
Generate the PBKDF2 derived key. This is an implementation of PBKDF2(P, S, c, dkLen) defined in http://www.ietf.org/rfc/rfc2898.txt

Parameters:
password - the user supplied password expressed as a byte array.
salt - the random salt to add to the password before hashing.
iterationCount - the number of iterations which the internal function (F) should run.
derivedKeyLength - the number of bytes of length the derived key should be (dkLen)
Returns:
a byte array of length derivedKeyLength containing data derived from the password and salt. suitable for a key.

integerToByteArray

protected void integerToByteArray(int integer,
                                  byte[] outArray)
Convert an integer to byte array in big-endian byte order.

Takes an int and an array of bytes. This array should be 4 bytes long. Doesn't return anything in order to recycle the same memory locations.

Parameters:
integer - the int which will be converted to an array of bytes.
outArray - the array to populate with the output, this array should be 4 bytes.

functionF

protected void functionF(byte[] password,
                         byte[] salt,
                         int iterationCount,
                         byte[] currentIteration,
                         byte[] out,
                         int outOffset)
PBKDF#2 internal function F. This is an implementation of F(P, S, c, l) defined in http://www.ietf.org/rfc/rfc2898.txt

Parameters:
password - (P)
salt - (S)
iterationCount - (c)
currentIteration - when this function is called in a loop this should be the current cycle in that loop. (l) NOTE: to recycle memory, this parameter is given as a 4 byte array representing an int.
out - the array which will be modified to contain the output.
outOffset - the out array will be written to beginning at this index.